FBI investigating AT&T iPad security breach

New York Mayor Michael Bloomberg with his iPad; he was among more than 100,000 iPad 3G users whose e-mail addresses were hacked. The FBI is now investigating.
New York Mayor Michael Bloomberg with his iPad; he was among more than 100,000 iPad 3G users whose e-mail addresses were hacked. The FBI is now investigating.Anthony DePrimo / AP
/ Source: msnbc.com news services

The Federal Bureau of Investigation has opened a probe into a security breach of Apple's iPad that exposed personal information of AT&T customers, including those of several high-ranking government officials.

The breach, first reported by the website Gawker, occurred when a group calling itself Goatse Security hacked into AT&T's iPad subscriber data, obtaining a list of e-mail addresses that also included celebrities, chief executives and politicians.

"The FBI is aware of these possible computer intrusions and has opened an investigation to address the potential cyber threat," FBI spokesman Jason Pack said on Thursday.

AT&T, which has exclusive U.S. rights to carry the iPad and the popular iPhone, has acknowledged the security breach but said it had corrected the flaw and that only e-mail addresses were exposed to hackers who identified a security weakness.

It declined to comment on the FBI investigation.

The quick FBI probe into the security flaw came amid reports of several high-ranking government officials on the list of iPad owners with compromised personal information.

In all, more than 100,000 email addresses are believed to have been exposed. Goatse could not immediately be reached for comment.

One source in the telecommunications industry said it was not surprising that the FBI was looking at the breach.

"If there's a high-profile data compromise it's not unusual to get a phone call from government officials," said the executive, who asked not to be named.

The iPad, launched in April, has already sold more than 2 million units worldwide.

No other data compromised?
The iPad, launched in April, has already sold more than 2 million units worldwide. Buzz around the device — which alongside the iPhone will form a pivotal part of the company's international growth strategy — helped propel Apple past Microsoft in May to become the world's most valuable technology stock. (Msnbc.com is a Microsoft-NBC Universal joint venture.)

But rivals from Dell to Hewlett-Packard are scrambling to get rival offerings onto the fledgling market, and the security breach could pose a potential embarrassment for Apple's 2-month-old device.

Security experts said it was unlikely that other information besides e-mail addresses had been compromised.

Charlie Miller, an analyst with Independent Security Evaluators, argued that the breach had nothing to do the iPad's security.

"The actual vulnerability is pretty basic, but the loss of data is not serious, in my opinion. The data on the iPad and the devices themselves were never compromised or vulnerable," Miller said via e-mail.

George Kurtz, chief technology officer for security software company McAfee, also downplayed the severity of the breach.

"I would guess that this application vulnerability gained so much attention because, after all, it is Apple we are talking about," Kurtz wrote in a blog post.

"The hype around Apple products — like the new iPhone and iPad — is amazing. However, the reality is this type of vulnerability isn't really news and happens all day long."

But the security gaffe isn't likely help AT&T win any friends among Apple customers. The carrier has been criticized by iPhone users for the quality its network.

Still, few people thought the security snafu would hurt AT&T's relationship with Apple.

"Everybody realizes security is an issue all companies have to deal with," BTIG analyst Walter Piecyk said. "Apple has endured the reputation of AT&T's network, which seems to be a much bigger deal."

Not a big deal, says Bloomberg
Meanwhile, New York Mayor Michael Bloomberg, whose e-mail address was exposed because of the security vulnerability with his new iPad, shrugged it off Thursday and said he didn't understand the fuss.

"It shouldn't be pretty hard to figure out my e-mail address," Bloomberg said, "and if you send me an e-mail and I don't want to read it, I don't open it. To me it wasn't that big of a deal."

AT&T said Wednesday that a security weak spot exposed the e-mail addresses — but nothing else — of more than 100,000 iPad users. Only users who signed up for AT&T's "3G" wireless Internet service were affected.

The problem had to do with the way AT&T's website prompted iPad users to log onto their AT&T accounts.

"We live in a world where information is available all over the place, and there's going to be security breaches every day all over the world," Bloomberg said. "That's what happens when you have information."

In recent weeks, the mayor has often touted the Apple tablet as a helpful tool for managing a city of 8.4 million people.

AT&T said Wednesday it would notify all iPad users whose e-mail addresses may have been exposed.

"We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted," the company said in a statement.